Re: Password expert says he was wrong: Numbers, capital letters and symbols are useless: USA Today

[Jonathan Cohn]

The recommended new password scheme is four random words. One Password can
generate these for you, if you adjust the properties. Most people I know
that are not security experts tend to say "I just discovered I can add  1
to the password and the password change accepts that." So, it is good to
see that maybe the standards of passwords are actually moving, though I do
prefer the current Federal process of having a digital certificate on a
Smart Card and a simple pass phrase. The VA cards had copies of our
fingerprints, but I don't believe there was any push to get all federal
agencies to have fingerprint readers on all systems. And even if they did
unless integrated to the same extent as what Apple does for their
fingerprint sensors would cause me concerns that the system could be
compromised.



On 10 August 2017 at 10:34, Scott Granados  wrote:

> A-Men brother, well said.
>
> I read the article Mark posted and it’s very interesting.  It’s not that
> the numbers and letter replacement method was bad it was more that nobody
> was remembering passwords and using the same thing over and over again.  I
> think the author would rather have us use passwords easy to remember but
> different across sites instead of one somewhat complex but guessable phrase.
>
> I’m like you a very big proponent of 2factor.  I use 2factor absolutely
> everywhere from my bank to Apple, Google, Digital Ocean and across the
> entire enterprise at work.  It’s so important.  The lack of 2factor was
> instrumental in our last election it’s so important.
>
> Well said and +1 to Chris’s points.
>
>
> > On Aug 10, 2017, at 10:16 AM, christopher hallsworth <
> challswor...@icloud.com> wrote:
> >
> > Hello, if possible, I protect my accounts with two factor
> authentication, two step verification, security keys and the like.
> Basically, a second layer such as a randomly generated code, sent by text,
> as well as my account specific password, is my personal best advice. That
> way, even if someone manages to correctly guess your password, they will
> still be locked out unless they have your nominated phone with them. Apple
> particularly takes this level of security very seriously, and is now
> required for apps to use certain iCloud features, such as Microsoft Outlook
> for Mail, Calendar and People.
> >> On 10 Aug 2017, at 04:38, M. Taylor  wrote:
> >>
> >> Password expert says he was wrong: Numbers, capital letters and symbols
> are
> >> useless
> >> By Ashley May
> >>
> >> USA TODAY Cybersecurity experts say certain password rules are
> ineffective.
> >> Here is some of the latest advice on setting and resetting them. Time
> The
> >> man who said use capital letters, special characters and numbers in your
> >> password is now taking back that advice. (Photo: hanieriani, Getty
> >> Images/iStockphoto) The man behind the 2003 report responsible for many
> >> current password guidelines says the advice is wrong. Bill Burr, the
> author
> >> of an 8-page publication released by the National Institute of
> Standards and
> >> Technology, told The Wall Street Journal his previous advice of creating
> >> passwords with special characters, mixed-case letters and numbers won't
> >> deter hackers. In fact, he told the journal,'the paper wasn't based on
> any
> >> real-world password data, but rather a paper written in the 1980s.
> 'Much of
> >> what I did I now regret,' Burr told The Wall Street Journal . The
> problem is
> >> that federal agencies, businesses and institutions took the paper
> >> seriously'very seriously. The report turned into password protocol.
> Today,
> >> even though Burr's report was updated in June, we are still prompted to
> >> change our password every 90 days using at least one capital letter,
> symbol
> >> and number. These combinations aren't secure,'mainly because people
> choose
> >> predictable combinations. The advice about frequently changing a
> password
> >> has been criticized since the report. A 2010 study by the University of
> >> North Carolina at Chapel Hill showed that updating passwords often can
> >> actually help hackers identify a pattern. Another study from Carleton
> >> University said frequent changes are more inconvenient than helpful. The
> >> better solution could be to simply use a password with four random
> words,
> >> because the number of letters can be more difficult to hack than a small
> >> combination of letters and special characters, the Journal reports.
> Finally,
> >> a good reason to ignore those password prompts and come up with one we
> can
> >> actually remember. Follow Ashley May on Twitter: @AshleyMayTweets
> >>
> >> Original Article at:
> >> https://www.usatoday.com/story/news/nation-now/2017/08/
> 09/password-expert-sa
> >> ys-he-wrong-numbers-capital-letters-and-symbols-useless/552013001/
> >>
> >>
> >> --
> >> The following information is important for all members of the Mac
> Visionaries list.
> >>
> >> If you have any questions 

Re: Password expert says he was wrong: Numbers, capital letters and symbols are useless: USA Today

[Scott Granados]

A-Men brother, well said.

I read the article Mark posted and it’s very interesting.  It’s not that the 
numbers and letter replacement method was bad it was more that nobody was 
remembering passwords and using the same thing over and over again.  I think 
the author would rather have us use passwords easy to remember but different 
across sites instead of one somewhat complex but guessable phrase.

I’m like you a very big proponent of 2factor.  I use 2factor absolutely 
everywhere from my bank to Apple, Google, Digital Ocean and across the entire 
enterprise at work.  It’s so important.  The lack of 2factor was instrumental 
in our last election it’s so important.

Well said and +1 to Chris’s points.


> On Aug 10, 2017, at 10:16 AM, christopher hallsworth 
>  wrote:
> 
> Hello, if possible, I protect my accounts with two factor authentication, two 
> step verification, security keys and the like. Basically, a second layer such 
> as a randomly generated code, sent by text, as well as my account specific 
> password, is my personal best advice. That way, even if someone manages to 
> correctly guess your password, they will still be locked out unless they have 
> your nominated phone with them. Apple particularly takes this level of 
> security very seriously, and is now required for apps to use certain iCloud 
> features, such as Microsoft Outlook for Mail, Calendar and People.
>> On 10 Aug 2017, at 04:38, M. Taylor  wrote:
>> 
>> Password expert says he was wrong: Numbers, capital letters and symbols are
>> useless
>> By Ashley May
>> 
>> USA TODAY Cybersecurity experts say certain password rules are ineffective.
>> Here is some of the latest advice on setting and resetting them. Time The
>> man who said use capital letters, special characters and numbers in your
>> password is now taking back that advice. (Photo: hanieriani, Getty
>> Images/iStockphoto) The man behind the 2003 report responsible for many
>> current password guidelines says the advice is wrong. Bill Burr, the author
>> of an 8-page publication released by the National Institute of Standards and
>> Technology, told The Wall Street Journal his previous advice of creating
>> passwords with special characters, mixed-case letters and numbers won't
>> deter hackers. In fact, he told the journal,'the paper wasn't based on any
>> real-world password data, but rather a paper written in the 1980s. 'Much of
>> what I did I now regret,' Burr told The Wall Street Journal . The problem is
>> that federal agencies, businesses and institutions took the paper
>> seriously'very seriously. The report turned into password protocol. Today,
>> even though Burr's report was updated in June, we are still prompted to
>> change our password every 90 days using at least one capital letter, symbol
>> and number. These combinations aren't secure,'mainly because people choose
>> predictable combinations. The advice about frequently changing a password
>> has been criticized since the report. A 2010 study by the University of
>> North Carolina at Chapel Hill showed that updating passwords often can
>> actually help hackers identify a pattern. Another study from Carleton
>> University said frequent changes are more inconvenient than helpful. The
>> better solution could be to simply use a password with four random words,
>> because the number of letters can be more difficult to hack than a small
>> combination of letters and special characters, the Journal reports. Finally,
>> a good reason to ignore those password prompts and come up with one we can
>> actually remember. Follow Ashley May on Twitter: @AshleyMayTweets 
>> 
>> Original Article at:
>> https://www.usatoday.com/story/news/nation-now/2017/08/09/password-expert-sa
>> ys-he-wrong-numbers-capital-letters-and-symbols-useless/552013001/
>> 
>> 
>> -- 
>> The following information is important for all members of the Mac 
>> Visionaries list.
>> 
>> If you have any questions or concerns about the running of this list, or if 
>> you feel that a member's post is inappropriate, please contact the owners or 
>> moderators directly rather than posting on the list itself.
>> 
>> Your Mac Visionaries list moderator is Mark Taylor.  You can reach mark at:  
>> macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you 
>> can reach Cara at caraqu...@caraquinn.com
>> 
>> The archives for this list can be searched at:
>> http://www.mail-archive.com/macvisionaries@googlegroups.com/
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "MacVisionaries" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to macvisionaries+unsubscr...@googlegroups.com.
>> To post to this group, send email to macvisionaries@googlegroups.com.
>> Visit this group at https://groups.google.com/group/macvisionaries.
>> For more options, visit https://groups.google.com/d/optout.
> 
> -- 
> The following information 

Re: Password expert says he was wrong: Numbers, capital letters and symbols are useless: USA Today

[christopher hallsworth]

Hello, if possible, I protect my accounts with two factor authentication, two 
step verification, security keys and the like. Basically, a second layer such 
as a randomly generated code, sent by text, as well as my account specific 
password, is my personal best advice. That way, even if someone manages to 
correctly guess your password, they will still be locked out unless they have 
your nominated phone with them. Apple particularly takes this level of security 
very seriously, and is now required for apps to use certain iCloud features, 
such as Microsoft Outlook for Mail, Calendar and People.
> On 10 Aug 2017, at 04:38, M. Taylor  wrote:
> 
> Password expert says he was wrong: Numbers, capital letters and symbols are
> useless
> By Ashley May
> 
> USA TODAY Cybersecurity experts say certain password rules are ineffective.
> Here is some of the latest advice on setting and resetting them. Time The
> man who said use capital letters, special characters and numbers in your
> password is now taking back that advice. (Photo: hanieriani, Getty
> Images/iStockphoto) The man behind the 2003 report responsible for many
> current password guidelines says the advice is wrong. Bill Burr, the author
> of an 8-page publication released by the National Institute of Standards and
> Technology, told The Wall Street Journal his previous advice of creating
> passwords with special characters, mixed-case letters and numbers won't
> deter hackers. In fact, he told the journal,'the paper wasn't based on any
> real-world password data, but rather a paper written in the 1980s. 'Much of
> what I did I now regret,' Burr told The Wall Street Journal . The problem is
> that federal agencies, businesses and institutions took the paper
> seriously'very seriously. The report turned into password protocol. Today,
> even though Burr's report was updated in June, we are still prompted to
> change our password every 90 days using at least one capital letter, symbol
> and number. These combinations aren't secure,'mainly because people choose
> predictable combinations. The advice about frequently changing a password
> has been criticized since the report. A 2010 study by the University of
> North Carolina at Chapel Hill showed that updating passwords often can
> actually help hackers identify a pattern. Another study from Carleton
> University said frequent changes are more inconvenient than helpful. The
> better solution could be to simply use a password with four random words,
> because the number of letters can be more difficult to hack than a small
> combination of letters and special characters, the Journal reports. Finally,
> a good reason to ignore those password prompts and come up with one we can
> actually remember. Follow Ashley May on Twitter: @AshleyMayTweets 
> 
> Original Article at:
> https://www.usatoday.com/story/news/nation-now/2017/08/09/password-expert-sa
> ys-he-wrong-numbers-capital-letters-and-symbols-useless/552013001/
> 
> 
> -- 
> The following information is important for all members of the Mac Visionaries 
> list.
> 
> If you have any questions or concerns about the running of this list, or if 
> you feel that a member's post is inappropriate, please contact the owners or 
> moderators directly rather than posting on the list itself.
> 
> Your Mac Visionaries list moderator is Mark Taylor.  You can reach mark at:  
> macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you 
> can reach Cara at caraqu...@caraquinn.com
> 
> The archives for this list can be searched at:
> http://www.mail-archive.com/macvisionaries@googlegroups.com/
> --- 
> You received this message because you are subscribed to the Google Groups 
> "MacVisionaries" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to macvisionaries+unsubscr...@googlegroups.com.
> To post to this group, send email to macvisionaries@googlegroups.com.
> Visit this group at https://groups.google.com/group/macvisionaries.
> For more options, visit https://groups.google.com/d/optout.

-- 
The following information is important for all members of the Mac Visionaries 
list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your Mac Visionaries list moderator is Mark Taylor.  You can reach mark at:  
macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you 
can reach Cara at caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/macvisionaries@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups 
"MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to macvisionaries+unsubscr...@googlegroups.com.
To post to this group, send email to macvisionaries@googlegroups.com.

Password expert says he was wrong: Numbers, capital letters and symbols are useless: USA Today

[M. Taylor]

Password expert says he was wrong: Numbers, capital letters and symbols are
useless
By Ashley May

USA TODAY Cybersecurity experts say certain password rules are ineffective.
Here is some of the latest advice on setting and resetting them. Time The
man who said use capital letters, special characters and numbers in your
password is now taking back that advice. (Photo: hanieriani, Getty
Images/iStockphoto) The man behind the 2003 report responsible for many
current password guidelines says the advice is wrong. Bill Burr, the author
of an 8-page publication released by the National Institute of Standards and
Technology, told The Wall Street Journal his previous advice of creating
passwords with special characters, mixed-case letters and numbers won't
deter hackers. In fact, he told the journal,'the paper wasn't based on any
real-world password data, but rather a paper written in the 1980s. 'Much of
what I did I now regret,' Burr told The Wall Street Journal . The problem is
that federal agencies, businesses and institutions took the paper
seriously'very seriously. The report turned into password protocol. Today,
even though Burr's report was updated in June, we are still prompted to
change our password every 90 days using at least one capital letter, symbol
and number. These combinations aren't secure,'mainly because people choose
predictable combinations. The advice about frequently changing a password
has been criticized since the report. A 2010 study by the University of
North Carolina at Chapel Hill showed that updating passwords often can
actually help hackers identify a pattern. Another study from Carleton
University said frequent changes are more inconvenient than helpful. The
better solution could be to simply use a password with four random words,
because the number of letters can be more difficult to hack than a small
combination of letters and special characters, the Journal reports. Finally,
a good reason to ignore those password prompts and come up with one we can
actually remember. Follow Ashley May on Twitter: @AshleyMayTweets 

Original Article at:
https://www.usatoday.com/story/news/nation-now/2017/08/09/password-expert-sa
ys-he-wrong-numbers-capital-letters-and-symbols-useless/552013001/


-- 
The following information is important for all members of the Mac Visionaries 
list.

If you have any questions or concerns about the running of this list, or if you 
feel that a member's post is inappropriate, please contact the owners or 
moderators directly rather than posting on the list itself.

Your Mac Visionaries list moderator is Mark Taylor.  You can reach mark at:  
macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you 
can reach Cara at caraqu...@caraquinn.com

The archives for this list can be searched at:
http://www.mail-archive.com/macvisionaries@googlegroups.com/
--- 
You received this message because you are subscribed to the Google Groups 
"MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to macvisionaries+unsubscr...@googlegroups.com.
To post to this group, send email to macvisionaries@googlegroups.com.
Visit this group at https://groups.google.com/group/macvisionaries.
For more options, visit https://groups.google.com/d/optout.